Use the bb.utils.sha* utilities to hash files since they are much faster
than the loops we were rolling ourselves
(From OE-Core rev: a6d9de5350937c7e25899491db59f473345f0b69)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Licenses reported in the SPDX documents should be either:
A) A valid SPDX identifier cross referenced from the SPDX license
database
B) A "LicenseRef" to a license described in the SPDX document
The licensing code will now add a placeholder extracted license with
corresponding "LicenseRef" for any licenses that are not matched to the
SPDX database
Parenthesis in the license expression are now handled correctly
(From OE-Core rev: 28d9d035c0ff8fcaf28bc96a976a43a602a47e94)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This will create a more uniq DocumentRef, which will allow
the individual spdx files to be merged into a single SBOM
file reflecting the image. Do the same with the runtime dependencies
also
(From OE-Core rev: df7c88a48621d32c02f328eedc314f10d475b758)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes another creator that was missed earlier
(From OE-Core rev: 046c05fec9fc5162d7a14971ed1402d86605d229)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a debug source cannot be found, mark it as NOASSERTION so that other
tools at least know we were unable to locate it.
(From OE-Core rev: 0e6bdd3f208c50153087c2baca67e9fd64a458d0)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the index to DEPLOYDIR in addition to adding it to the SPDX archive
(From OE-Core rev: 374dc08c0f22e98a267676f71308592d17f77d64)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update the creator name since this no longer lives in meta-doubleopen
(From OE-Core rev: 6fdea64ef53eb4de3d0e58e70ae6b391fdff6cd0)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
